Tagged Questions

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness ...

Encrypted (or random) data, by nature exhibit a high entropy value and non unencrypted data will exhibit a low entropy value. From an attacker point of view the precense of this high entropy value in ...

XKCD #936 uses a limited subset of the English language, only 2000 words. I just looked it up, and the English language has over a million words, a sizeable subset of those having special characters, ...

Apparently, for the Android KeyChain an encrypted master key is stored along the MD5 hash of the unencrypted Key.
How secure is that?
MD5 is known to have collisions, but I guess we can assume with an ...

What I have: A large file containing lots of secret, true-random bytes (yes, I'm sure they're not merely pseudo-random). I'll call it F.
What I want to do: Tell Linux that it can use this file as an ...

I know that asking how many bits of entropy comprise a strong password is rather like asking the length of a piece of string. But assuming the NSA is not on to you, and that it is hardly worthwhile ...

A security conscious friend of mine was attempting to generate entropy using random dice rolls to generate a random password, and I became curious about the security of random number generators and ...

Suppose that we have a process that generates passwords with entropy E.
I'd like to compute the average time it would take for a brute-force attack to crack an MD5-hashed instance of such a password.
...

It's "time to add a word" says Arnold Reinhold, the creator of Diceware, in his blog (3/2014). He advices to use 6 word sentences (or 5 words with one extra character chosen and placed at random) from ...

One of my colleagues is working on securing OAuth 2 client IDs and secrets for our OAuth server and he has come up with this scheme where he would not only use UUID v4 to generate random values, but ...

I want to create my computer passwords with a RNG, but I am thinking about one thing: I would use python to write that script and the RNG is controlled by one seed, most likely the time. If I would ...

I mainly use 2 passwords: 1 is a 4 word full lowercase passphrase of 18 letters long which I use wherever possible. The other is basically 3 words and a digit with the first word in full uppercase and ...

The purpose of my question is get an better idea about reasonable amout of time the generation of the RSA public/private keypair should take?
To be less vague let me specify the question and define I ...

Background: Implementing online casino, I would like to use a number of PRNGs with high throughput, like MersenneTwisterFast. I know it is not cryptographically strong, but quite unpredictable when ...

According to findings by the EFF's SSL observatory, there are "tens of thousands of keys that offer effectively no security due to weak random number generation algorithm." My understanding of that ...

I couldn't find the answer for the reason anywhere, even the wiki page doesn't explain it. This seems like using a PRNG for seeding an another PRNG. The first one (/dev/random) may itself be seeded by ...

Current full disk encryption on mobile devices rely on low entropy passwords like PIN numbers or pattern locks. Being able to use a smartcard with such mobile devices is a tempting idea.
I know that ...

What's the best way to go about generating a fast stream of cryptographically strong pseudorandom data without installing uncommon packages? Drawing from /dev/urandom is far too slow.
I had an idea ...

Our application needs to generate secure keys for long term storage on AWS using openssl. But I've seen some instance where entropy falls dangerously low on AWS machines and this doesn't appear to be ...

Questions about the strength of pass phrases frequently popup, as does: how to generate a strong passphrase? I tried to combine both in a tool. The free tool also includes recovery time estimations ...

If it's true you only need about 128 bits of entropy to fuel enough data forever, why is it that /dev/random is so slow? My system has uptime of 214 days!
Is it really only gathering .000000001 bits ...

I know from experience that reading from /dev/random blocks when the Linux kernel entropy pool runs out of entropy. Also, I've seen many articles and blog entries stating that when running on Linux, ...

I recently saw the movie Olympus Has Fallen.
Like in many action movies, at the end a missile is launched, and the hero (Mike Banning, played by Gerard Butler) has 60 seconds to recall the launch in ...

Assuming that the password is stored hashed and salted, and that it is a string of random characters, is there a point where adding to password length doesn't add security?
Since the hash will have a ...

When creating a Truecrypt volume, there is the wizard page in which the user is told to randomly move the mouse (the longer the better) to generate entropy, and that it will significantly increase the ...

It seems (to a non-expert) that /dev/random is acclaimed to be useable as a source of pure random data. However, I am curious as to the analysis of the file /dev/random.
/dev/random is a collection ...

I have a problem cracking some of the fundamentals on passwords' entropies. Namely: I have read this article about a guy cracking DKIM of Google (maybe more noticing that the keys are only 512 bits)
...

If you knew from the public internet that a certain IP address belonged to a machine with a certain MAC address, can you see any security exposure associated with that? I know that some software will ...

There seem to be many different 'kinds' of entropy. I've come across two different concepts:
A) The XKCD example of 'correcthorsebatterystaple". It has 44 bits of entropy because four words randomly ...

Whenever I look at password entropy, the only equation I ever see is E = log2(R)*L, or alternatively E = log2(R^L), where E is password entropy, R is the range of available characters, and L is the ...